On Thu, Jan 26, 2006 at 01:31:04AM -0500, [EMAIL PROTECTED] wrote: > On Thursday, January 26, 2006, at 00:53AM, Ted Unangst <[EMAIL PROTECTED]> > wrote: > > >On 1/25/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > >> 3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. > >> For whatever reason I forgot that securelevel was set to 2, but > >> 'make build' is running alright at the moment. > >> > >> Can I also compile ports with securelevel set to 2? Does someone > >> know of a port where I must decrease the securelevel? Usually I > >> install at least nano, tcsh, and kermit. > > > >you can do everything except make release. which means you should ask > >why you even bother with securelevel 2. if you don't know what it > >does, don't fiddle with it. > > I am *learning* what it does. :) > I am planning on make release for tomorrow. > Things are great- thanks.
You might want to read a little about the recent polemic surrounding securelevels. Basically, they work, but files that are supposed to be unchangeable can be made inaccessible by (transparently?) mounting a filesystem on top. This was fixed in, for instance, NetBSD by disallowing mounts; Theo said that it wouldn't be fixed in OpenBSD, as 'securelevels are useless', prompting a response from, amongst others, securityfocus.com, which prompted a response from undeadly.org, and so on. That is not to say that securelevels do not restrict some things; however, whether they are actually useful is questionable. Certainly, time spent on tuning them may be better spent elsewhere. Joachim